<?php /* TICKETSMITH $Id: comment.php,v 1.18 2004/11/18 14:41:57 gregorerhardt Exp $ */

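/*
 * Authorisation gate: only users with edit rights on this module may post
 * staff comments. $canEdit is set by the including page, not by this file.
 */
if (!$canEdit) {
	$AppUI->setMsg('Access denied', UI_MSG_ERROR);
	$AppUI->redirect();
	/* redirect() is defined outside this file; stop explicitly so that nothing
	   below (the INSERT/UPDATE in particular) can run for a denied user even
	   if redirect() returns. */
	exit();
}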

/*
 * Request parameters. Both values come straight from the query string and are
 * therefore untrusted: escape them for SQL before they reach a query and
 * URL/HTML-encode them before they are echoed into markup.
 */
$ticket      = dPgetParam($_GET, 'ticket', '');
$ticket_type = dPgetParam($_GET, 'ticket_type', '');

/* Page header: title plus a shortcut button back to the ticket list. */
$titleBlock = new CTitleBlock('Post Comment');
$titleBlock->addButton('tickets list', 'index.php?m=ticketsmith');
$titleBlock->addCell();
$titleBlock->show();

require('modules/ticketsmith/config.inc.php');
require('modules/ticketsmith/common.inc.php');

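/* Heading shown above the comment form (passed through $AppUI->_() on output). */
$title = 'Post Comment';

/*
 * Default the parent ticket to the ticket named in the query string.
 *
 * NOTE(review): nothing visible in this file assigns $ticket_parent before this
 * point. It may be set by one of the files required above, or, on
 * installations that import request variables into the global scope, by the
 * request itself -- confirm. Either way, treat it as untrusted input, exactly
 * like $ticket. empty() keeps the original truthiness test but does not raise
 * an "undefined variable" notice when the variable was never set.
 */
if (empty($ticket_parent)) {
    $ticket_parent = $ticket;
}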

/*
 * Posted form fields (all untrusted).
 * The author name and e-mail read here are replaced further down by the
 * logged-in user's contact record, so the posted values never reach the
 * database or the page. Only 'comment' is stored.
 */
$author_name  = dPgetParam($_POST, 'author_name', '');
$author_email = dPgetParam($_POST, 'author_email', '');
$comment      = dPgetParam($_POST, 'comment', '');
$body         = dPgetParam($_POST, 'body', '');

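/*
 * Two modes:
 *   - a comment was posted: store it as a 'Staff Comment' child of the parent
 *     ticket, bump the parent's activity timestamp and bounce back to the
 *     ticket view;
 *   - otherwise: render the comment form.
 *
 * NOTE(review): the form carries no anti-CSRF token, so the POST handler cannot
 * tell a genuine submission from a forged cross-site one. If the surrounding
 * application offers a token facility, it should be checked here.
 */
if ($comment) {

    /* The parent id originates from the query string. Escape it once for every
       quoted SQL literal below, and URL-encode it for the redirect target so
       it cannot break out of the META tag's attribute. */
    $ticket_parent_sql = db_escape( $ticket_parent );
    $ticket_parent_url = urlencode( $ticket_parent );

    /* prepare fields: the author is always taken from the logged-in user's
       contact record, never from the request */
    list($author_name, $author_email) = query2array("SELECT CONCAT_WS(' ',contact_first_name,contact_last_name) as name, contact_email as email FROM users u LEFT JOIN contacts ON u.user_contact = contact_id WHERE user_id = '$AppUI->user_id'");
    $subject = db_escape( query2result("SELECT subject FROM tickets WHERE ticket = '$ticket_parent_sql'") );
    $comment = db_escape( $comment );
    /* Contact data is stored free text and may contain quotes (O'Brien), so it
       is escaped like every other literal placed into the INSERT. */
    $author = db_escape( $author_name . " <" . $author_email . ">" );
    $timestamp = time();
    /* NOTE(review): $body is escaped here but is not used by the INSERT below. */
    $body = escape_string($body);

    /* prepare query */
    $query = "INSERT INTO tickets (author, subject, body, timestamp, type, parent, assignment) ";
    $query .= "VALUES ('$author','$subject','$comment','$timestamp','Staff Comment','$ticket_parent_sql','9999')";

    /* insert comment */
    do_query($query);

    /* update parent ticket's timestamp */
    do_query("UPDATE tickets SET activity = '$timestamp' WHERE ticket = '$ticket_parent_sql'");

    /* return to ticket view */
    echo("<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0;URL=index.php?m=ticketsmith&a=view&ticket=$ticket_parent_url\">");

    exit();

} else {

    /* urlencode() leaves only characters that are inert in a URL, in an HTML
       attribute and in the single-quoted JavaScript string used by the
       "view this ticket" button, so one encoded copy serves all three sinks. */
    $ticket_url = urlencode( $ticket );

    /* Author shown on the form is the logged-in user's contact record. */
    list($author_name, $author_email) = query2array("SELECT CONCAT_WS(' ',contact_first_name,contact_last_name) as name, contact_email as email FROM users u LEFT JOIN contacts ON u.user_contact = contact_id WHERE user_id = '$AppUI->user_id'");
?>
<form name="ticketform" action="index.php?m=ticketsmith&a=comment&ticket=<?php echo $ticket_url; ?>" method="post">
<table class="infopanel" width="100%" border="0" cellpadding="3" cellspacing="0">
<tr>
	<th><img class="ico" src="images/discuss.gif">&nbsp;<?php echo $AppUI->_($title); ?></th>
</tr>
<tr>
	<td style="padding: 8px">
		<input type="submit" class=button value="<?php echo $AppUI->_('Submit'); ?>">
		<input type="button" value="view this ticket" onclick="location.href='index.php?m=ticketsmith&a=view&ticket=<?php echo $ticket_url; ?>'">
	</td>
</tr>
</table>
<table class="subinfopanel" width="100%" border="0" cellpadding="3" cellspacing="4">
<tr>
<td align="right" width="80"><b><?php echo $AppUI->_('From'); ?>:</b></td>
<?php /* Contact fields are stored text; HTML-escape them so markup saved in a contact record is shown, not rendered. */ ?>
<td align="left"><?php echo htmlspecialchars((string) $author_name, ENT_QUOTES); ?>&lt;<?php echo htmlspecialchars((string) $author_email, ENT_QUOTES); ?>&gt;</td>
</tr>
<tr>
<td align="right" valign="top"><b>Comments:</b></td>
<td align="left">
<tt>
<textarea name="comment" wrap="hard" cols="72" rows="20">
</textarea>
</tt>
</td>
</tr>
</table>
</form>
<?php
}
?>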
